FBI: 'Anonymous' Hackers Breached Military And Other Government Agency Computers

BOSTON/SAN FRANCISCO (Reuters) - Activist hackers linked to the
collective known as Anonymous have secretly accessed U.S.
government computers in multiple agencies and stolen
sensitive information in a campaign that began almost a year ago,
the FBI warned this week.

The hackers exploited a flaw in Adobe Systems Inc's software
to launch a rash of electronic break-ins that began last
December, then left "back doors" to return to many of the
machines as recently as last month, the Federal Bureau of
Investigation said in a memo seen by Reuters.

The memo, distributed on Thursday, described the attacks as "a
widespread problem that should be addressed." It said the breach
affected the U.S. Army, Department of Energy,
Department of Health and Human Services, and perhaps many more
agencies.

Investigators are still gathering information on the scope of the
cyber campaign, which the authorities believe is continuing. The
FBI document tells system administrators what to look for to
determine if their systems are compromised.

An FBI spokeswoman declined to elaborate.

According to an internal email from Energy Secretary Ernest
Moniz' chief of staff, Kevin Knobloch, the stolen data
included personal information on at least 104,000 employees,
contractors, family members and others associated with
the Department of Energy, along with information on almost
2,0000 bank accounts.

The email, dated October 11, said officials were "very concerned"
that loss of the banking information could lead to thieving
attempts.

Officials said the hacking was linked to the case of Lauri
Love, a British resident indicted on October 28 for allegedly
hacking into computers at the Department of Energy,
Army,Department of Health and Human Services, the U.S.
Sentencing Commission and elsewhere.

Investigators believe the attacks began when Love and others took
advantage of a security flaw in Adobe's ColdFusion software,
which is used to build websites.

Adobe spokeswoman Heather Edell said she was not
familiar with the FBI report. She added that the company has
found that the majority of attacks involving its software have
exploited programs that were not updated with the latest security
patches.

The Anonymous group is an amorphous collective that conducts
multiple hacking campaigns at any time, some with a few
participants and some with hundreds. In the past, its members
have disrupted eBay's Inc PayPal after it stopped
processing donations to the anti-secrecy site Wikileaks.
Anonymous has also launched technically more sophisticated
attacks against SonyCorp and security firm HBGary
Federal.

Some of the breaches and pilfered data in the latest campaign had
previously been publicized by people who identify with Anonymous,
as part of what the group dubbed "Operation Last Resort."

Among other things, the campaigners said the operation was in
retaliation for overzealous prosecution of hackers, including the
lengthy penalties sought for Aaron Swartz, a well-known
computer programmer and Internet activist who killed himself
before a trial over charges that he illegally downloaded academic
journal articles from a digital library known as JSTOR.

Despite the earlier disclosures, "the majority of the intrusions
have not yet been made publicly known," the FBI wrote. "It is
unknown exactly how many systems have been compromised, but it is
a widespread problem that should be addressed."

(Reporting by Joseph Menn in San Francisco and Jim Finkle in
Boston; Additional reporting by Valerie Volcovici and Alina
Selyukh; Editing by Tiffany Wu and Tim Dobbyn)

Read the original article on Reuters. Copyright 2013. Follow Reuters on Twitter.